Bug 155588 - CachedResource::MediaResource types shouldn't be blocked due to mixed-content.
Summary: CachedResource::MediaResource types shouldn't be blocked due to mixed-content.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Jer Noble
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2016-03-17 10:52 PDT by Jer Noble
Modified: 2016-10-31 09:19 PDT (History)
5 users (show)

See Also:

Attachments
Patch (2.29 KB, patch)
2016-03-17 11:23 PDT, Jer Noble 		dbates: review+
Details | Formatted Diff | Diff
Patch for landing (2.32 KB, patch)
2016-03-17 11:46 PDT, Jer Noble 		no flags Details | Formatted Diff | Diff
Follow-up patch (2.54 KB, patch)
2016-03-22 16:53 PDT, Jer Noble 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jer Noble 2016-03-17 10:52:16 PDT 
CachedResource::MediaResource types shouldn't be blocked due to mixed-content.
Comment 1 Jer Noble 2016-03-17 11:23:22 PDT 
Created attachment 274302 [details]
Patch
Comment 2 Jer Noble 2016-03-17 11:24:47 PDT 
<rdar://problem/25177795>
Comment 3 Daniel Bates 2016-03-17 11:34:16 PDT 
Comment on attachment 274302 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=274302&action=review

> Source/WebCore/ChangeLog:10
> +        The Mixed Content spec specifically allows (with certain restrictions) loads of <image>,
> +        <video>, and <audio> resources from mixed-content origins, albeit with warnings.

For your consideration, I suggest that we explicitly provide either a versioned link to the Mixed Content spec or an unversioned link and explicitly mention the type of spec (Editor Draft/CR) and a date. This will make it straightforward to understand the state of the spec when we made this change should the spec change in the future. One example of a ChangeLog that references a spec is <http://trac.webkit.org/changeset/197944>. Another example is <http://trac.webkit.org/changeset/198115>.

> Source/WebCore/loader/cache/CachedResourceLoader.cpp:291
> +    // https://w3c.github.io/webappsec-mixed-content/#category-optionally-blockable

Please add the date of this draft or use a versioned link and explicitly mention the section name.
Comment 4 Daniel Bates 2016-03-17 11:38:07 PDT 
Comment on attachment 274302 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=274302&action=review

> Source/WebCore/ChangeLog:12
> +        No new tests, fixes existing test: http/tests/security/mixedContent/resources/frame-with-insecure-audio-video.html

This is the not a test, it is a resource loaded by a test. The test that you are fixing is http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html.
Comment 5 Jer Noble 2016-03-17 11:46:12 PDT 
Created attachment 274304 [details]
Patch for landing
Comment 6 WebKit Commit Bot 2016-03-18 12:05:03 PDT 
Comment on attachment 274304 [details]
Patch for landing

Clearing flags on attachment: 274304

Committed r198436: <http://trac.webkit.org/changeset/198436>
Comment 7 Jer Noble 2016-03-22 16:53:51 PDT 
Reopening to attach new patch.
Comment 8 Jer Noble 2016-03-22 16:53:54 PDT 
Created attachment 274702 [details]
Follow-up patch
Comment 9 Brent Fulgham 2016-03-22 16:57:31 PDT 
Comment on attachment 274702 [details]
Follow-up patch

r=me.
Comment 10 WebKit Commit Bot 2016-03-22 17:47:43 PDT 
Comment on attachment 274702 [details]
Follow-up patch

Clearing flags on attachment: 274702

Committed r198566: <http://trac.webkit.org/changeset/198566>
Comment 11 Michael Catanzaro 2016-03-23 14:35:56 PDT 
How did we fail to notice the test was broken? :/ Why are there no changes to the test expectations?
Comment 12 Jer Noble 2016-03-23 15:24:43 PDT 
(In reply to comment #11)
> How did we fail to notice the test was broken? :/ Why are there no changes
> to the test expectations?

EFL and GTK both have that test marked as failing. If it now passes again, we should probably remove that TestExpectation.